Route Origin Authorization
$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/gU3SnNaoAPM3s3RdV8c3iYubRkk.roa
File: gU3SnNaoAPM3s3RdV8c3iYubRkk.roa (raw, json)
Hash identifier: GQfGXDZIP01uw8VWBcb5GD3d9/m9aMc8dITtz07hkoQ=
Subject key identifier: 81:4D:D2:9C:D6:A8:00:F3:37:B3:74:5D:57:C7:37:89:8B:9B:46:49
Certificate issuer: /CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Certificate serial: 018B4CB7CDD3FD1B9C4A3906346CB12BA30F
Authority key identifier: E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
Authority info access: rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject info access: rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/gU3SnNaoAPM3s3RdV8c3iYubRkk.roa
Signing time: Fri 20 Oct 2023 10:53:15 +0000
ROA not before: Fri 20 Oct 2023 10:53:15 +0000
ROA not after: Mon 01 Jul 2024 00:00:00 +0000
asID: 197428
IP address blocks: 212.68.48.0/24 maxlen: 24
Validation: Failed, RFC 3779 resource not subset of parent's resources
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
01:8b:4c:b7:cd:d3:fd:1b:9c:4a:39:06:34:6c:b1:2b:a3:0f
Signature Algorithm: sha256WithRSAEncryption
Issuer: CN=e4a2b8e90d157ea022f8e700024a93dc356a514d
Validity
Not Before: Oct 20 10:53:15 2023 GMT
Not After : Jul 1 00:00:00 2024 GMT
Subject: CN=814dd29cd6a800f337b3745d57c737898b9b4649
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public-Key: (2048 bit)
Modulus:
00:84:a3:aa:d8:53:65:da:f6:f3:d4:34:a4:b9:f0:
ad:52:13:59:d7:34:97:e9:c3:a3:7e:93:1a:c9:4f:
67:fb:a5:53:61:a0:0a:44:a0:85:65:54:b9:00:48:
ed:39:a3:3f:68:6d:ee:8d:d1:43:f5:f1:0a:40:8f:
67:a3:66:f2:a5:a5:67:65:8e:63:48:85:51:ee:29:
0c:19:18:cc:1f:27:08:8b:11:79:2e:a5:b6:5b:02:
0a:c8:3d:1d:21:c1:b4:c8:6b:63:5f:69:d8:57:30:
19:a5:de:cd:fd:fb:18:34:b9:d0:6a:0f:25:e1:4d:
c7:90:f0:23:59:ee:e1:33:ba:8b:30:e8:d3:be:21:
97:37:76:9b:2b:a9:0c:9b:1e:21:46:2b:8f:3e:61:
c7:16:ea:81:f2:75:ce:73:c4:a7:e5:55:4a:f7:b6:
26:ae:14:4c:4f:2c:f7:3d:b4:e9:a8:b0:99:0f:a2:
e7:b2:6d:97:88:d7:29:4b:f3:4e:4d:b5:73:42:bc:
a3:21:fc:2c:b9:85:61:83:43:b8:74:f9:02:fb:36:
74:a8:b8:a2:cc:27:5f:d5:fd:21:dc:0e:ea:5a:42:
49:6f:f7:ba:0c:09:d9:2b:14:c2:72:10:44:2f:e4:
70:1e:ea:37:24:f6:e1:d9:55:6d:20:ef:b1:ea:48:
c7:79
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Subject Key Identifier:
81:4D:D2:9C:D6:A8:00:F3:37:B3:74:5D:57:C7:37:89:8B:9B:46:49
X509v3 Authority Key Identifier:
keyid:E4:A2:B8:E9:0D:15:7E:A0:22:F8:E7:00:02:4A:93:DC:35:6A:51:4D
X509v3 Key Usage: critical
Digital Signature
Authority Information Access:
CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/5KK46Q0VfqAi-OcAAkqT3DVqUU0.cer
Subject Information Access:
Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/gU3SnNaoAPM3s3RdV8c3iYubRkk.roa
X509v3 CRL Distribution Points:
Full Name:
URI:rsync://rpki.ripe.net/repository/DEFAULT/97/699e85-1027-4c7e-8ae7-df4a2e760ccb/1/5KK46Q0VfqAi-OcAAkqT3DVqUU0.crl
X509v3 Certificate Policies: critical
Policy: ipAddr-asNumber
sbgp-ipAddrBlock: critical
IPv4:
212.68.48.0/24
Signature Algorithm: sha256WithRSAEncryption
0b:bc:ab:0b:99:41:b5:e1:82:f6:d3:71:df:4f:f3:95:0d:38:
2d:1e:fa:1e:08:d0:34:22:01:de:af:ef:77:30:7d:15:e5:68:
ee:c7:e9:81:cd:9e:69:05:d4:5b:20:30:32:2d:06:94:87:3f:
ae:11:ca:d2:f3:de:dd:c3:80:7c:19:e5:39:ad:e1:f1:60:3a:
10:67:a5:b7:05:31:ed:e4:14:7b:8b:2e:3b:94:21:9a:fd:4f:
c4:56:c4:f0:d9:19:e8:e2:45:3c:65:62:03:66:39:d5:e2:29:
3a:81:ce:bb:52:fe:b0:f9:74:fa:38:2f:91:bc:b6:05:3f:bb:
82:b9:7d:2b:94:47:79:28:5b:b0:62:e9:42:15:6c:ce:43:ef:
08:e9:9c:b3:5f:7d:df:f6:87:50:43:ff:ea:14:ad:b8:7e:83:
08:a4:fa:2c:2d:ae:a6:d5:d6:1f:85:31:04:b7:af:51:eb:2b:
29:d5:30:0e:cb:7f:2d:92:0e:c3:6e:f8:64:38:e5:7c:52:8c:
e3:8a:e3:3e:c7:b7:72:b5:8f:3e:a9:4e:53:c1:62:de:40:81:
7d:a7:27:85:84:9c:cf:20:bc:1a:d4:3d:bc:c7:b7:61:1e:24:
f3:2f:ce:e7:aa:df:3d:50:20:67:65:6f:22:e5:38:1e:28:86:
58:09:8f:4f
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYtMt83T/RucSjkGNGyxK6MPMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGU0YTJiOGU5MGQxNTdlYTAyMmY4ZTcwMDAyNGE5M2RjMzU2
YTUxNGQwHhcNMjMxMDIwMTA1MzE1WhcNMjQwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
Eyg4MTRkZDI5Y2Q2YTgwMGYzMzdiMzc0NWQ1N2M3Mzc4OThiOWI0NjQ5MIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhKOq2FNl2vbz1DSkufCtUhNZ1zSX
6cOjfpMayU9n+6VTYaAKRKCFZVS5AEjtOaM/aG3ujdFD9fEKQI9no2bypaVnZY5j
SIVR7ikMGRjMHycIixF5LqW2WwIKyD0dIcG0yGtjX2nYVzAZpd7N/fsYNLnQag8l
4U3HkPAjWe7hM7qLMOjTviGXN3abK6kMmx4hRiuPPmHHFuqB8nXOc8Sn5VVK97Ym
rhRMTyz3PbTpqLCZD6Lnsm2XiNcpS/NOTbVzQryjIfwsuYVhg0O4dPkC+zZ0qLii
zCdf1f0h3A7qWkJJb/e6DAnZKxTCchBEL+RwHuo3JPbh2VVtIO+x6kjHeQIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFIFN0pzWqADzN7N0XVfHN4mLm0ZJMB8GA1UdIwQY
MBaAFOSiuOkNFX6gIvjnAAJKk9w1alFNMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTct
ZGY0YTJlNzYwY2NiLzEvZ1UzU25OYW9BUE0zczNSZFY4YzNpWXViUmtrLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC85Ny82OTllODUtMTAyNy00YzdlLThhZTctZGY0YTJlNzYwY2Ni
LzEvNUtLNDZRMFZmcUFpLU9jQUFrcVQzRFZxVVUwLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQA1EQwMA0G
CSqGSIb3DQEBCwUAA4IBAQALvKsLmUG14YL203HfT/OVDTgtHvoeCNA0IgHer+93
MH0V5Wjux+mBzZ5pBdRbIDAyLQaUhz+uEcrS897dw4B8GeU5reHxYDoQZ6W3BTHt
5BR7iy47lCGa/U/EVsTw2Rno4kU8ZWIDZjnV4ik6gc67Uv6w+XT6OC+RvLYFP7uC
uX0rlEd5KFuwYulCFWzOQ+8I6ZyzX33f9odQQ//qFK24foMIpPosLa6m1dYfhTEE
t69R6ysp1TAOy38tkg7DbvhkOOV8UozjiuM+x7dytY8+qU5TwWLeQIF9pyeFhJzP
ILwa1D28x7dhHiTzL87nqt89UCBnZW8i5TgeKIZYCY9P
-----END CERTIFICATE-----
Generated at Wed Oct 25 10:53:30 2023 by rpki-client on console-fra.rpki-client.org